Hello Reinis,
On Fri, Apr 17, 2015 at 02:01:19PM +0300, Reinis Rozitis wrote:
Hello,
has something changed regarding 'forwardfor' in latst 1.6 versions?
I was running and oldish snapshot '1.6-dev0-9654e57 2014/11/18' with:
defaults
option forwardfor header X-Real-IP
But now after upgrading to '1.6-dev1-af2fd58 2015/04/14' with the exactly
same configuration it broke - the header isn't passed anymore so had to
revert back.
Sniffed with tcpdump and indeed there are no headers with the (real)client
ip anymore.
I have additional http-request set-header HTTPS %[ssl_fc] - which is still
passed fine.
Am I missing something?
No, you found a bug I introduced with this patch :
350f487 CLEANUP: session: simplify references to
chn_{prod,cons}(s-{req,res})
I was extremely careful as it touched a large part of the code but I
managed to fail at it here :
@@ -4347,7 +4347,7 @@ int http_process_request(struct session *s, struct
channel *req, int an_bit)
{
struct http_txn *txn = s-txn;
struct http_msg *msg = txn-req;
- struct connection *cli_conn = objt_conn(chn_prod(req)-end);
+ struct connection *cli_conn = objt_conn(s-si[1].end);
It should be s-si[0].end and not [1]. The result is that cli_conn is NULL
so the front connection doesn't exist, it has no address and the header is
not appended.
I've just fixed it now and attached the patch so that you can apply it
right now.
Thanks for reporting this!
Willy
From ee335e65dc8f4ac691d4e5be7b0c3c98e6ec83e4 Mon Sep 17 00:00:00 2001
From: Willy Tarreau w...@1wt.eu
Date: Tue, 21 Apr 2015 18:15:13 +0200
Subject: BUG/MEDIUM: http: properly retrieve the front connection
Commit 350f487 (CLEANUP: session: simplify references to
chn_{prod,cons}(s-{req,res}))
introduced a regression causing the cli_conn to be picked from the server
side instead of the client side, so the XFF header is not appended anymore
since the connection is NULL.
Thanks to Reinis Rozitis for reporting this bug. No backport is needed
as it's 1.6-specific.
---
src/proto_http.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/proto_http.c b/src/proto_http.c
index 377160b..d20225a 100644
--- a/src/proto_http.c
+++ b/src/proto_http.c
@@ -4343,7 +4343,7 @@ int http_process_request(struct stream *s, struct channel
*req, int an_bit)
struct session *sess = s-sess;
struct http_txn *txn = s-txn;
struct http_msg *msg = txn-req;
- struct connection *cli_conn = objt_conn(s-si[1].end);
+ struct connection *cli_conn = objt_conn(strm_sess(s)-origin);
if (unlikely(msg-msg_state HTTP_MSG_BODY)) {
/* we need more data */
--
1.7.12.1
